BACEN compliance is the first thing fintech founders mention when they are worried about entering the cross-border payments space in Brazil — and usually the last thing they fully understand before launching. This guide is our attempt to change that. Not a law review article. Not a regulatory checklist that assumes you already know the framework. A practical starting point.
Understanding the BACEN Authorization Tiers
The Banco Central do Brasil regulates payment institutions under a tiered authorization framework established by Law 12,865/2013 and subsequently detailed through a series of BCB Resolutions. The category that matters most for fintechs doing cross-border work is the Instituicao de Pagamento (IP) classification.
Within that classification, the relevant tiers for cross-border activity are:
| Authorization Type | Key Activity | Minimum Capital |
|---|---|---|
| Emissor de Instrumento de Pagamento | Issue payment instruments (cards, wallets) | R$7M |
| Emissor de Moeda Eletronico | Hold electronic money balances | R$7M |
| Iniciador de Transacao de Pagamento | Initiate payments on behalf of payers | R$1M |
| Instituicao de Cambio (BCB-authorized) | Execute FX operations | R$4M |
For most early-stage fintechs, the most practical entry point is either partnering with an already-authorized institution or pursuing the Iniciador de Transacao de Pagamento authorization if the product fits that model. Full FX authorization (Instituicao de Cambio) is achievable but requires more capital and compliance infrastructure than most series-A stage companies can maintain independently.
The KYC Requirements That Catch Startups Off Guard
BACEN's KYC requirements for cross-border transactions go beyond what most founders expect if they have only dealt with domestic compliance. The framework distinguishes between simplified due diligence (for lower-risk, lower-value transactions) and enhanced due diligence (for transactions above BRL 10,000 or involving PEPs — Politically Exposed Persons).
The pieces that routinely trip up startups:
- Beneficial ownership documentation: For corporate clients, BACEN requires identification of ultimate beneficial owners down to individuals holding 25% or more equity. This sounds straightforward but gets complex with holding structures and offshore shareholders.
- Source of funds declaration: For FX transactions above defined thresholds, clients must declare the economic origin of funds. This needs to be a structured data field in your system, not a free-text note.
- Ongoing monitoring rules: KYC is not a one-time event. BCB Resolution 44 requires periodic review of client profiles and transaction pattern monitoring for anomalies.
We have seen compliance teams at startups spend three months manually building KYC workflows that an API-native infrastructure layer should provide out of the box. Build it right the first time.
FX Transaction Reporting: SISBACEN and What You Actually Submit
Every cross-border FX transaction executed in Brazil must be registered in SISBACEN, BACEN's information system. The registration requirement includes a unique contract number (Numero do Contrato de Cambio), transaction purpose code, counterparty identification, and settlement date.
The purpose code classification is where errors accumulate. BACEN maintains a detailed table of accepted purpose codes (Natureza da Operacao), and selecting the wrong one — even inadvertently — constitutes a reporting violation. In 2024, BACEN issued 342 administrative sanctions related to incorrect FX transaction classification. That number has grown year-over-year as transaction volumes increase.
"The most common compliance failure we see in early-stage fintechs is not a missing process — it is an incorrect purpose code in SISBACEN registration. It looks like a minor data entry issue until it accumulates into a pattern that BACEN flags in a periodic audit."
— BackChannel Team
Open Finance Integration and Compliance Implications
Brazil's Open Finance framework (formerly Open Banking), rolled out in phases from 2021 through 2023, adds a compliance layer that cross-border platforms need to account for. Specifically, any fintech that holds customer financial data obtained via Open Finance APIs must comply with the data governance standards set by the Conselho Deliberativo do Open Finance Brasil.
For cross-border payment providers, the practical implication is that customer financial data shared via Open Finance for credit assessment or KYC purposes is subject to consent management requirements that differ from standard KYC data. Your consent management system and your cross-border compliance layer need to communicate.
Building Compliance Into Your Architecture, Not Onto It
The fintech startups that handle BACEN compliance best share a common architectural decision: they treated compliance requirements as system inputs, not as manual processes bolted on after the fact.
That means FX purpose codes are a validated dropdown field in your API, not a note in a customer service ticket. KYC status is a live API field that the payment initiation service checks before processing, not a spreadsheet maintained by your compliance officer. SISBACEN registration happens automatically at transaction completion, not as a daily batch job run by a contractor.
This is exactly the philosophy embedded in BackChannel's infrastructure — compliance runs at the same speed as the transaction, because it is part of the transaction.
BackChannel embeds BACEN compliance directly into every transaction. No separate compliance workflow needed.
Learn How It Works
